Hello Nick et al, Subseven 2.2 uses blowfish encryption to store the settings, at the end of the server executable if i remember correctly. While in subseven 2.1 the editserver was able to "open" and read from the server, 2.2 did not have this feature (I think the author beleived it added security). I would reccomend using a packet sniffer on a machine and running the server on that machine, and seeing if it pages an ICQ number, or joins an IRC channel, or emails someone. Alternatively you can use something like "memspy" or "winhex" to view the servers memory when its running :- i think some of the settings are viewable in plain text there too. Let me know how you go. dataspy (dsinc) -------------------------------------- Saturday, January 4, 2003, 5:11:21 AM, you wrote: NJ> I am wondering if anyone has any pointers on how to access the configuration NJ> data from a Subseven 2.2 server executable? In 2.1, it was possible to open NJ> the server in the editserver program, and see the settings, but that is no NJ> longer an option in 2.2. NJ> I have a client machine that was infected, and I am hoping to track down the NJ> information on the person(s) who infected it. NJ> Thank You, NJ> Nick Jacobsen NJ> Ethics Design NJ> nickat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 12:01:54 PST